The impact of cyber crime is by far the most significant this year and could surpass a combination of years past. Since privacy laws have laxed in recent years and emerging technologies are putting more power in the hands of mischievous hackers or criminals the challenge of protecting from cyber crime has also increased multi fold. If you think about it a “hacker” (generic sense because not all hackers are back guys) wants to get into your web site or IT infrastructure they often only need to find one vulnerability out of a huge well known and very available “catalog” of vulnerabilities and techniques. In contrast you as a protection agent need to protect from all known vulnerabilities as well as perhaps some yet to be discovered. In addition you need to have a data recovery and risk management strategy even if you have a small web site or infrastructure. You might think “ I have a small website with no sensitive information” why would anyone want to hack me. Well you are perhaps one of the best candidates for a thrifty hacker since it could be easy to get in and stay stealth in your site without you even knowing they are there. Kind of like a perfect hiding place for them to launch attacks or host files used in what are called phishing schemes. For example they can have a replicat of a banking site with login fields directing username and password emailing after a long path of encryption and passing back and forther over to their email. They would send out scary emails telling you your back account is in jeopardy and that they need you to immediately log in to verify and update their account information.
So with that in mind if you are online you have the same responsibilities and liabilities as much larger organizations with significant IT budgets. The troubling and not so talked about fact is that the ultimate liability will fall on the origination of the hack. So in the Phishing example above as the owner of the site where the hacker breached or collected the information used for illicit purposes, you would ultimately be the one liable. In addition your accounts would be suspended and you could have all of your online content seized or prohibited access to it. Remember those long hosting agreements and terms of service contracts you never read but eagerly in haste agree to? Well most often this is where the hosting companies push the responsibilities on to you. This is in part why you are getting your hosting space in many cases for so cheap since the cost is not in the hardware and disk space they allocate you but in the administration and threat prevention systems the hosting companies need to employ. They pass the potential liabilities on to their customers to avoid potentially extensive legal and administrative costs. It is also often not an area they have under their control since ultimately you are the one responsible for keeping your site secure and up to date.
Here is a report that discusses the current state higher of cyber risks and reduced readyness: http://www.pwc.com/us/en/increasing-it-effectiveness/publications/assets/2014-us-state-of-cybercrime.pdf
The conclusion here is that regardless of how big your site is you need to make sure you are paying attention to the security aspects of your environment. Most of the time this means to have a professional team behind you and making sure you keep your online environment current and up to date. While there is no such thing as a guarantee when it comes to security having a dedicated team available to advise, monitor and ready to respond when an incident arises could protect you from serious liability and significant costs.
Follow